
spellbook.legal - Principal Security Researcher

Remote - Canada | $149k - $186k + Equity | 1mo ago


Requirements

• Strong experience in application security, red teaming, penetration testing, vulnerability research, product security, or offensive security.
• Hands-on experience testing modern web applications, APIs, authentication flows, authorization models, cloud services, and distributed systems.
• Experience developing proof-of-concept exploits or clear technical demonstrations to validate security impact.
• Firm grasp of common software security risks, secure design principles, identity and access controls, data protection, and secure development practices.
• Experience partnering with engineering, product, or R&D teams to triage, prioritize, and remediate vulnerabilities end-to-end.
• Excellent written and verbal communication skills, with the ability to write clear technical reports, executive summaries, remediation guidance, and public-facing research, and to explain trade-offs to engineers, PMs, and leadership.
• Strong judgment around responsible disclosure, customer impact, confidentiality, and coordinated communication.
• Pragmatic at distinguishing theoretical risk from practical risk, with the instinct to help teams focus on what matters most.
• Comfortable operating with ambiguity and moving with urgency across hands-on testing, product security, incident support, and external coordination.
• Track record of driving measurable risk reduction in a fast-moving technical environment.
• Experience with AI security, LLM security, prompt injection, jailbreaks, agentic workflows, model abuse, or secure AI product development.
• Experience in legaltech, fintech, healthtech, or another environment that handles highly sensitive customer data.
• Experience managing or participating in bug bounty programs, responsible disclosure programs, or external researcher communities.
• Experience publishing security research, speaking at conferences, or contributing to the broader security research community.
• Familiarity with enterprise security expectations and compliance frameworks such as SOC 2, HIPAA, GDPR, or emerging AI governance frameworks.

Responsibilities

• Identify security risks across the company and partner with the relevant teams to reduce them.
• Lead active red teaming, application security testing, penetration testing, exploit validation, and adversarial analysis.
• Conduct original security research on legal AI, LLM-enabled products, sensitive document workflows, prompt injection, data leakage, model misuse, and tool abuse.
• Coordinate third-party penetration tests, red team exercises, audits, and other external security assessments.
• Own external vulnerability reports — bug bounty submissions, responsible disclosure reports, researcher communications, triage, validation, prioritization, and remediation tracking.
• Drive threat modelling and secure design reviews for new products, features, AI workflows, integrations, and infrastructure changes.
• Partner with R&D and Engineering to surface trust boundaries, abuse cases, and data exposure risks early in development.
• Support Security Operations during incident response by reproducing vulnerabilities, validating exploits, assessing impact, and recommending remediation.
• Engage with frontier AI labs, external researchers, vendors, and the broader security community to stay current on AI safety and security developments.
• Publish security research, advisories, technical writeups, blog posts, or conference talks where aligned with company priorities.
• Define and improve repeatable processes for security research, testing, vulnerability management, and remediation across Spellbook.

Benefits

• Embrace autonomy and accountability in a flexible work environment; we focus on outcomes and empower you to determine how to get the job done
• Access our company-paid group benefits for you and your family, with $1,000 towards mental health support
• Disconnect during our holiday closure and take advantage of our generous time off policies throughout the year
• Enjoy monthly paid meals, an annual wellness allowance to support your well-being and parental leave top-ups as your family grows
• Secure your stake in our success; you’ll receive competitive stock option grants as a pivotal early employee

INCLUSIVE HIRING AT SPELLBOOK

Spellbook uses industry benchmark data to establish compensation bands for all roles. The salary range listed for a position reflects the expected total wage range for the role—including base salary and on-target commissions, where applicable—and may span multiple career levels. Final compensation is determined during the interview process based on factors such as experience, skills, scope, and role level. In addition to base salary and applicable commissions, total rewards may include equity, health and wellness benefits, and other company programs. Full details will be shared during the interview process.
